CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5623 – Accellion File Transfer Appliance Improper Neutralization of Special Elements used in a Command ('Command Injection')
https://notcve.org/view.php?id=CVE-2019-5623
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). Accellion File Transfer Appliance versión FTA_8_0_540, sufre una instancia CWE-77: Neutralización Inapropiada de Elementos Especiales usados en un Comando ("Command Injection"). • https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5622 – Accellion File Transfer Appliance Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2019-5622
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. Accellion File Transfer Appliance versión FTA_8_0_540, sufre de una instancia CWE-798: Uso de Credenciales Embebidas. • https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 97%CPEs: 1EXPL: 1CVE-2015-2856 – Accellion FTA Statecode Cookie Arbitrary File Read
https://notcve.org/view.php?id=CVE-2015-2856
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. Vulnerabilidad de salto de directorio en la función template en function.inc en dispositivos Accellion File Transfer Appliance anteriores a FTA_9_11_210 permite que atacantes remotos lean archivos arbitrarios mediante un .. (punto punto) en la cookie statecode. • https://www.rapid7.com/db/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8760
https://notcve.org/view.php?id=CVE-2017-8760
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. Se detectó un problema en los dispositivos FTA anterior a versión FTA_9_12_180 de Accellion. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8792
https://notcve.org/view.php?id=CVE-2017-8792
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Existe un XSS home/seos/courier/user_add.html con el parámetro param. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •